Jump to content


Photo

PHP passed cause CSS stylesheet to be ignored


  • Please log in to reply
13 replies to this topic

#1 j_freeman

j_freeman
  • New Members
  • Pip
  • Newbie
  • 6 posts
  • LocationConway, AR, USA

Posted 14 July 2006 - 02:53 AM

I've been looking all day on the Web, trying to figure this one out. I'm hoping someone will be able to just give me a good slap and that'll be the end of it.

Anyway, PHP code passed to a script can cause linked stylesheets to be ignored by the browser, even if the value is not used. For instance, consider this pure XHTML saved with a PHP extension (test.php):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
	<head>
		<meta http-equiv="content-type" content="text/html; charset=utf-8" />
		<link href="style.css" rel="stylesheet" type="text/css" />
		<title>test</title>
	</head>
	<body><p>Hello, World!</p></body>
</html>

With a style.css like this:
body
{
	font-family: sans-serif;
	font-size: 2em;
	text-align: center;
	color: white;
	background-color: black;
}

If you were to call test.php?test=hello, styles would be applied. However, if you were to call test.php?test=<?php echo('Hello'); ?>, no styles would be applied. It doesn't matter if the value passed is used or not--the result is the same.

Here is a demo of it in action:
http://www.haikuhost...php?test=abcdef
http://www.haikuhost....php?test=<?php echo("What is the problem?"); ?>  (May need to refresh your browser for the style to go away, if it was cached by the previous link.)

I've tried this on two different servers, both running PHP 4.4.2. One runs Apache 1.3.34 and one 1.3.36; it only happens with the one running 1.3.34.

#2 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 14 July 2006 - 03:03 AM

What exactly are you trying to do? I think I'm missing "the point".

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#3 j_freeman

j_freeman
  • New Members
  • Pip
  • Newbie
  • 6 posts
  • LocationConway, AR, USA

Posted 14 July 2006 - 03:07 AM

What exactly are you trying to do? I think I'm missing "the point".


One of my scripts' CSS breaks when a user tries to search for PHP code; that's "the point". :) (And yes, URL-encoding is performed but doesn't cut it.)

#4 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 14 July 2006 - 03:09 AM

That looks like a bogus URL.

I tested it with FireFox with the LiveHeaders extension. After the refresh I'm getting back "403 Forbidden" from your server.

What happens if you have the same source but name it ".html" so PHP isn't invoked?

Ken

#5 j_freeman

j_freeman
  • New Members
  • Pip
  • Newbie
  • 6 posts
  • LocationConway, AR, USA

Posted 14 July 2006 - 03:14 AM

That is a bogus URL.

I tested it with FireFox with the LiveHeaders extension.


Try this URL-encoded one instead, then, and run your extension on it:
http://www.haikuhost...s the problem?");%20?%3E

After the refresh I'm getting back "403 Forbidden" from your server.


Strange.

What happens if you have the same source but name it ".html" so PHP isn't invoked?

Ken


I haven't tried it, but that's beside the point, as this is simply a demonstration of the problem I'm having in script that must be parsed (see my reply to pixy).

#6 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 14 July 2006 - 03:20 AM

I saw your reply after I posted my reply. The URL-encoded URL is the one giving me the 403 Forbidden  return. I do see the unformatted "Hello World" on my screen.

The reason I asked if a file with the .html extension does the same thing, is that if it does, then we can rule out PHP as the cause. I believe this will turn out to be the case, since you have no PHP code in your source at all, so PHP isn't really being invoked.

Ken

#7 j_freeman

j_freeman
  • New Members
  • Pip
  • Newbie
  • 6 posts
  • LocationConway, AR, USA

Posted 14 July 2006 - 03:27 AM

I saw your reply after I posted my reply. The URL-encoded URL is the one giving me the 403 Forbidden  return. I do see the unformatted "Hello World" on my screen.


Hmm, even stranger. I get 200 here. And at work. And at at a friend's.

Is the 403 when requesting test.php, or when your browser requests style.css?

The reason I asked if a file with the .html extension does the same thing, is that if it does, then we can rule out PHP as the cause. I believe this will turn out to be the case, since you have no PHP code in your source at all, so PHP isn't really being invoked.


That's what I was thinking. But considering that the same data is being sent to the browser, how could it be Apache? Perhaps the PHP causes Apache to deny the subsequent request for the stylesheet?

I've posted at my host's forums to see what they have to say about this.

#8 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 14 July 2006 - 03:33 AM

It's coming back on the request for the stylesheet, which would explain why there is no formatting being done.

Ken

#9 j_freeman

j_freeman
  • New Members
  • Pip
  • Newbie
  • 6 posts
  • LocationConway, AR, USA

Posted 14 July 2006 - 03:40 AM

It's coming back on the request for the stylesheet, which would explain why there is no formatting being done.

Ken


I was hoping that wasn't the cause. ;D Now I'm off to find out why Apache does this.

Anyway, thanks for your help, kensbnsn. :) (I'd give you some positive karma but SMF is foreign to me.)

#10 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 14 July 2006 - 03:43 AM

I just tried your code on my laptop (xampp: Apache 2.0.54, php 5.0.5) and it runs fine. So there is something funny going on with your server.

Ken

#11 PotatoBob

PotatoBob
  • Members
  • Pip
  • Newbie
  • 6 posts

Posted 14 July 2006 - 03:43 AM

http://www.haikuhost....php?test=<?php echo("What is the problem?"); ?>

Um we cant run this link its a server side thing
it would be more like this
http://www.haikuhost...whatisurproblem

#12 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 14 July 2006 - 03:45 AM

I think you just click on the [grace] or [smite] links under the Karma on one of my posts Grace is for positive feedback, smite, negative.

Ken

#13 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 14 July 2006 - 03:47 AM

The link is fine -- I've been testing it for a while. His CSS file is a normal CSS file, i.e. it's not being processed by PHP. At least I don't think it is, but if it were and that header wasn't in it, it wouldn't work at all.

Ken

#14 j_freeman

j_freeman
  • New Members
  • Pip
  • Newbie
  • 6 posts
  • LocationConway, AR, USA

Posted 14 July 2006 - 03:51 AM

I think you just click on the [grace] or [smite] links under the Karma on one of my posts Grace is for positive feedback, smite, negative.

Ken


It seems I need some karma to give karma, as I see no links like that. Oh well, real karma is better for you anyway. ;D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users